Castle-And-Moat Approach Provides False Sense Of Security
Why are we spending billions of dollars on security and why are we still getting hacked? I think it seems like a tough answer, but it’s not. I think we’re getting a false sense of security doing security the way we started doing 20 years ago. The world has moved. We are still doing this castle-and-moat security. You are inside my firewall, you’re safe. You’re outside it, you’re not safe.
So this data center-centric approach, network-centric approach is broken. And the applications have left the castle. Users have left the castle. And we are still protecting those empty castles. I think until the enterprises wake up and start saying, ‘I must do security very differently’ - which is where zero trust comes in - I’m afraid we’ll keep on seeing these security hacks …
In spite of a lot of discussion about zero trust, a lot of enterprises are still doing castle-and-moat security and thinking then they are safe … We are buying billions of dollars’ worth of firewalls every day. If you buy a firewall, it is network security. It is castle-and-moat. Because zero trust means no firewalls, no moats. Zero trust is literally a switchboard concept. Everyone is untrusted, users are untrusted. They come to the switchboard, they validate who they are, and the switchboard connects them to the right application or service.
I think our enterprises have a false sense of security. I think it’s a job of security vendors like us; it’s a job for our partner channel community to really understand this and help our enterprises. It helps them with their security, and it helps us grow our business. It’s a win-win proposition.